Feeds

Call yourself a 'hacker', watch your ex-boss seize your PC without warning

Court rules coder's computer can be suddenly snatched in 'software knockoff' spat

Combat fraud and increase customer satisfaction

A US district court has ruled that self-confessed "hackers" have all the skills needed to swiftly destroy evidence, allowing anyone suing them to seize their equipment without warning.

The court in Idaho decided that a software developer’s computer could be confiscated without prior notice primarily because his website stated: “We like hacking things and don’t want to stop.”

The ruling [PDF] came down in a case brought by Battelle Energy Alliance against ex-employee Corey Thuen and his company Southfork Security.

Thuen, while working for Battelle, helped develop an application today known as Sophia, which fires off alerts if it detects industrial control equipment coming under electronic attack. Battelle – which was tasked with beefing up the computer security of US electricity plants, energy sources and other critical sites – wanted to license this technology, but Thuen hoped to open source the code, according to the plaintiffs.

Sophia, which had been in development since 2009, underwent testing in 2012 and attracted the attention of power companies.

Thuen left Battelle before setting up Southfork Security. According to Battelle, Southfork Security competed against other firms to license Sophia from Battelle before withdrawing in April 2013, a month before an outfit called NexDefense was awarded the right to negotiate an exclusive commercial licence.

Around the same time, in May 2013, Southfork Security began marketing a “situational awareness” program called Visdom that Battelle alleges is a knockoff of Sophia.

Battelle Energy Alliance sued Thuen, claiming that Visdom was based on stolen code, and accused Southfork and Thuen of copyright infringement, trade secret misappropriation and breach of contract, among other allegations, according to legal filings seen by The Register.

What elevates the case from a run-of-the-mill intellectual property dispute is that Battelle persuaded the court to allow it to seize Thuen's computer to copy its files. The district court ruled that the programmer has the skills, as a "hacker", to release the contested code publicly, cover his tracks, and destroy any evidence if he knew a seizure was imminent:

The court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy... The tipping point for the court comes from evidence that the defendants – in their own words – are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. And concealment likely involves the destruction of evidence on the hard drive of Thuen’s computer. For these reasons, the court finds this is one of the very rare cases that justifies seizure and copying of the hard drive.

The plaintiff also obtained a temporary restraining order against Thuen and Southfork Security without prior notice primarily because, again, the Southfork website declared “we like hacking things and we don’t want to stop".

This statement was used to prop up the claimants' argument that Thuen and Southfork "have the technical ability to wipe out a hard drive [and] will do precisely that when faced with allegations of wrongdoing". That would seem to fall short of the usual legal test for granting a restraining order, that the defendants have “a history of disposing of evidence or violating court orders”, but the district court granted the restraining order nonetheless.

The order prevents Thuen and his company from releasing any of the contested source code.

Battelle’s lawyers also raised national security concerns by arguing that releasing the Sophia utility as open-source code would hand strategic and vital information to wannabe power-plant hackers. Thuen and Southfork were not given the opportunity to appear before the court and contest this argument before the seizures were carried out and the restraining order on the business imposed.

A good overview of the whole contentious case so far can be found in a blog post by control system security consultancy Digital Bond. ®

Updated to add

There is a debate over whether the court's ruling ran roughshod over a person's rights against unreasonable seizures as enshrined in the US Constitution's Fourth Amendment: some have argued that such protections do not extend to discovery requests in private civil cases.

SANS - Survey on application security programs

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
RIP net neutrality? FCC boss mulls 'two-speed internet'
Financial fast track to replace level competitive playing field, report claims
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
UK.gov chucks £28m at F1 tech for buses and diggers plan
Well, not really F1 but who's heard of LMP and VLN*?
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.